Overview

Analysis tabs (the number is the score badge shown on the page, out of 10):
Static: 10
com.roomwhatllgp.apk, android-9-x86: 7
com.roomwhatllgp.apk, android-11-x64: 10
style_3_18...847.gz, windows7-x64: 10
style_3_18...847.gz, windows10-2004-x64: 3
style_4_18...891.gz, windows7-x64: 3
style_4_18...891.gz, windows10-2004-x64: 3
style_5_18...937.gz, windows7-x64: 3
style_5_18...937.gz, windows10-2004-x64: 3
style_6_18...734.gz, windows7-x64: 3
style_6_18...734.gz, windows10-2004-x64: 3
General

Target: com.roomwhatllgp.apk
Size: 1.7MB
Sample: 230707-j251psfh26
MD5: 49f67ec7bcfd5d8b01c1fb92820481f5
SHA1: 19bf5e03023516b25bd2d0747773186911bdbf2f
SHA256: 2405d448a846ffd6969dee781d02f37d4523b71036ed8e1c414c3afe895560cc
SHA512: ae1f3e3bab47413b456c7c22c465693930099b76cad25e6f8f698e5269c76f3e3e23a05d9b7a460a6b6943ddd73b4a171d77a10bca7d68193e22af0710f1dfd5
SSDEEP: 49152:KozkE4BmXs06O2W3m/l1IV9KiaCG0GsBCaEA1l7:Ko4vBmc0TQl6Si9dBCaz1l7
Tasks

static1: static task
behavioral1: com.roomwhatllgp.apk, resource android-x86-arm-20230621-en
behavioral2: com.roomwhatllgp.apk, resource android-x64-arm64-20230621-en
behavioral3: style_3_18_1624864847.gz, resource win7-20230703-en
behavioral4: style_3_18_1624864847.gz, resource win10v2004-20230703-en
behavioral5: style_4_18_1630315891.gz, resource win7-20230703-en
behavioral6: style_4_18_1630315891.gz, resource win10v2004-20230703-en
behavioral7: style_5_18_1630315937.gz, resource win7-20230703-en
behavioral8: style_5_18_1630315937.gz, resource win10v2004-20230703-en
behavioral9: style_6_18_1624866734.gz, resource win7-20230703-en
behavioral10: style_6_18_1624866734.gz, resource win10v2004-20230703-en
Malware Config

Extracted family: octo
C2 URLs from the extracted config:
https://ipscanworldbest.xyz/NmE0N2YwOWEzMTM3/
https://ipworldscanbest.xyz/NmE0N2YwOWEzMTM3/
https://ipworldbestscan.xyz/NmE0N2YwOWEzMTM3/
https://worldbestscanip.xyz/NmE0N2YwOWEzMTM3/
https://worldbestipscan.xyz/NmE0N2YwOWEzMTM3/
https://worldscanbestip.xyz/NmE0N2YwOWEzMTM3/
https://worldscanipbest.xyz/NmE0N2YwOWEzMTM3/
https://bestworldscanip.xyz/NmE0N2YwOWEzMTM3/
https://bestipworldscan.xyz/NmE0N2YwOWEzMTM3/
https://scanbestworldip.xyz/NmE0N2YwOWEzMTM3/
https://doublednscheck.xyz/NmE0N2YwOWEzMTM3/
https://dnscheckdouble.xyz/NmE0N2YwOWEzMTM3/
https://checkdoubledns.xyz/NmE0N2YwOWEzMTM3/
https://doublecheckdns.xyz/NmE0N2YwOWEzMTM3/
https://alldnsfastcheck.xyz/NmE0N2YwOWEzMTM3/
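The fifteen URLs above share one path segment and differ only in the hostname, so the useful work for a defender is to pull the hostnames out as a blocklist and to notice what the path and the domain labels have in common. The following script is an added example written for this page, not code from the report or from the Octo family. It decodes the shared base64 path segment (NmE0N2YwOWEzMTM3 decodes to the ASCII string 6a47f09a3137; the page does not say what that value represents), splits each domain label into words from a small vocabulary chosen by looking at the list (an analyst assumption, not something the sample contains), groups the hosts by the word set they are built from, and emits one Suricata DNS-query rule per host. The SID range is a placeholder you must change to one that does not collide with your rule sets.

```python
import base64
import binascii
from collections import defaultdict
from urllib.parse import urlparse

# C2 URLs exactly as listed on this report page under "Malware Config" (family: octo).
OCTO_C2_URLS = [
    "https://ipscanworldbest.xyz/NmE0N2YwOWEzMTM3/",
    "https://ipworldscanbest.xyz/NmE0N2YwOWEzMTM3/",
    "https://ipworldbestscan.xyz/NmE0N2YwOWEzMTM3/",
    "https://worldbestscanip.xyz/NmE0N2YwOWEzMTM3/",
    "https://worldbestipscan.xyz/NmE0N2YwOWEzMTM3/",
    "https://worldscanbestip.xyz/NmE0N2YwOWEzMTM3/",
    "https://worldscanipbest.xyz/NmE0N2YwOWEzMTM3/",
    "https://bestworldscanip.xyz/NmE0N2YwOWEzMTM3/",
    "https://bestipworldscan.xyz/NmE0N2YwOWEzMTM3/",
    "https://scanbestworldip.xyz/NmE0N2YwOWEzMTM3/",
    "https://doublednscheck.xyz/NmE0N2YwOWEzMTM3/",
    "https://dnscheckdouble.xyz/NmE0N2YwOWEzMTM3/",
    "https://checkdoubledns.xyz/NmE0N2YwOWEzMTM3/",
    "https://doublecheckdns.xyz/NmE0N2YwOWEzMTM3/",
    "https://alldnsfastcheck.xyz/NmE0N2YwOWEzMTM3/",
]

# Vocabulary used to split the domain labels. Chosen by inspecting the hosts
# above; this is an analyst assumption, not data carried by the sample.
DOMAIN_VOCAB = ("double", "world", "check", "scan", "best", "fast", "dns", "all", "ip")


def decode_path_tag(path):
    """Decode the base64 path segment, e.g. '/NmE0N2YwOWEzMTM3/'.

    Returns the decoded string, or None if the segment is not strict base64
    or does not decode to printable ASCII.
    """
    segment = path.strip("/")
    try:
        raw = base64.b64decode(segment, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def tokenize_label(label, vocab=DOMAIN_VOCAB):
    """Greedy longest-match split of a host label into vocabulary words.

    Returns a tuple of words, or None when part of the label is not covered
    by the vocabulary (the host does not fit the observed pattern).
    """
    words = sorted(vocab, key=len, reverse=True)
    out, rest = [], label
    while rest:
        for w in words:
            if rest.startswith(w):
                out.append(w)
                rest = rest[len(w):]
                break
        else:
            return None
    return tuple(out)


def analyse_c2(urls):
    """Return (sorted unique hosts, set of decoded path tags, word-set -> hosts)."""
    hosts, tags = set(), set()
    families = defaultdict(list)
    for url in urls:
        p = urlparse(url)
        hosts.add(p.hostname)
        tags.add(decode_path_tag(p.path))
        label = p.hostname.partition(".")[0]
        toks = tokenize_label(label)
        key = tuple(sorted(toks)) if toks else ("<unmatched>",)
        families[key].append(p.hostname)
    return sorted(hosts), tags, dict(families)


def suricata_rules(hosts, sid_start=9000001):
    """One Suricata dns.query rule per host. sid_start is a placeholder (assumption)."""
    return [
        'alert dns any any -> any any (msg:"Octo C2 domain {h}"; dns.query; '
        'content:"{h}"; nocase; sid:{sid}; rev:1;)'.format(h=h, sid=sid_start + i)
        for i, h in enumerate(hosts)
    ]


if __name__ == "__main__":
    hosts, tags, families = analyse_c2(OCTO_C2_URLS)
    print("unique hosts:", len(hosts))
    print("decoded path tag(s):", sorted(t for t in tags if t))
    for key, members in families.items():
        print(" ".join(key), "->", len(members), "hosts")
    print("\n".join(suricata_rules(hosts)))
```

Grouping by word set collapses the ten ip/scan/world/best permutations, the four double/dns/check permutations and the single all/dns/fast/check host into three families, which is a more useful unit for hunting than fifteen unrelated strings: a new permutation of the same words with the same path tag is worth the same alert as the ones already listed.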
Targets

Target: com.roomwhatllgp.apk
Size: 1.7MB
MD5: 49f67ec7bcfd5d8b01c1fb92820481f5
SHA1: 19bf5e03023516b25bd2d0747773186911bdbf2f
SHA256: 2405d448a846ffd6969dee781d02f37d4523b71036ed8e1c414c3afe895560cc
SHA512: ae1f3e3bab47413b456c7c22c465693930099b76cad25e6f8f698e5269c76f3e3e23a05d9b7a460a6b6943ddd73b4a171d77a10bca7d68193e22af0710f1dfd5
SSDEEP: 49152:KozkE4BmXs06O2W3m/l1IV9KiaCG0GsBCaEA1l7:Ko4vBmc0TQl6Si9dBCaz1l7
Score: 10/10

Octo
Octo is a banking malware with remote access capabilities, first seen in April 2022.

Signatures:
Octo payload
Makes use of the framework's Accessibility service.
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
Acquires the wake lock.
Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
Reads information about the phone's network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
Removes a system notification.
Uses Crypto APIs (might try to encrypt user data).
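Several of the signatures above have a static counterpart in the APK's manifest, which is worth checking before a sandbox run or when triaging a batch of related samples. The script below is an added example for this page, not code from the report or the sample: it parses a decoded AndroidManifest.xml (as produced by apktool or aapt2 dump; the real sample's manifest is not on this page, so the one embedded here is constructed) and maps declared permissions and any service wired as an accessibility service back to the report's signature names. The permission-to-signature mapping is an analyst heuristic, not the sandbox's own rules.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest declarations that act as static proxies for behaviours the report
# flagged at runtime. Heuristic mapping chosen for this example.
PERMISSION_SIGNATURES = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "Requests disabling of battery optimizations",
    "android.permission.WAKE_LOCK":
        "Acquires the wake lock",
    "android.permission.QUERY_ALL_PACKAGES":
        "Queries a list of all the installed applications on the device",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
ACCESSIBILITY_SIG = "Makes use of the framework's Accessibility service"

# Constructed manifest standing in for a decoded AndroidManifest.xml of a
# dropper-style app; package and class names are placeholders (assumption).
SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.suspect">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Room">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".AccService" android:exported="true"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
      <meta-data android:name="android.accessibilityservice" android:resource="@xml/acc"/>
    </service>
  </application>
</manifest>
"""

# Constructed control case: an ordinary app with a plain background service.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <service android:name=".SyncService" android:exported="false"/>
  </application>
</manifest>
"""


def declared_permissions(root):
    """Set of permission names declared via <uses-permission>."""
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}


def accessibility_services(root):
    """Names of <service> elements wired as accessibility services, either by
    the BIND_ACCESSIBILITY_SERVICE permission or by the matching intent action."""
    found = []
    for svc in root.iter("service"):
        binds = svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND
        acts = any(a.get(ANDROID_NS + "name") == ACCESSIBILITY_ACTION
                   for a in svc.iter("action"))
        if binds or acts:
            found.append(svc.get(ANDROID_NS + "name"))
    return found


def triage_manifest(xml_text):
    """Map report signature names to the manifest evidence supporting them."""
    root = ET.fromstring(xml_text)
    hits = {}
    perms = declared_permissions(root)
    for perm, sig in PERMISSION_SIGNATURES.items():
        if perm in perms:
            hits[sig] = perm
    services = accessibility_services(root)
    if services:
        hits[ACCESSIBILITY_SIG] = services
    return hits


if __name__ == "__main__":
    for label, text in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label)
        for sig, evidence in triage_manifest(text).items():
            print("  ", sig, "<-", evidence)
```

Two caveats a practitioner should keep in mind. QUERY_ALL_PACKAGES is only enforced from Android 11 (API 30) onward; on the android-9-x86 task the package list is readable without it, so its absence from a manifest does not rule the behaviour out. And the dropped Dex/Jar loading and Crypto API usage flagged above leave no trace in a manifest at all; those still need the dynamic run.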
Target: style_3_18_1624864847.data
Size: 9KB
MD5: b30db74d00433ab588159728ffa0e4e7
SHA1: 9cf9965703d072590325aa18d9da427a2def4b1d
SHA256: 076d4ed2efe7bb48b1e78b75b72990b6ea7d9039580a076674c6ee68055bc3c5
SHA512: 0be7b914695a3221be944d9eeab9c6101187ee11069485d60ac783de0a25c1d33a63e29bc62cb6cd88ebbc00e9395bbb4ea87d6647b97e75fe8021aec61e3b2e
SSDEEP: 192:foLmZL6lojXOH03saJsppGVuMIEw44CYiwyqVK5iMWindz:QLULhjXiUJdEErFYwqV4p1
Score: 3/10
Target: style_4_18_1630315891.data
Size: 14KB
MD5: f27e11baa71c56fc2de6d55247514579
SHA1: e6e0558aba360bdd3a69984977afcac79a1e210e
SHA256: 17d856da7c1c6debcc4320e2390001d8373c08d24e32aa0bb0b56256c9708c5c
SHA512: 03c24579bafa845edf46efe7dc37a2e26deead57fa92c288ae555489c32723aa2b5c87925fe73a030806923e777fe41cb82674596ef0121849058ba0412f77ac
SSDEEP: 384:1M0NHs5dgU3jPeqxRNYUgvppiajhRkL73O:a0N+zCWPYUwxnkP3O
Score: 3/10
Target: style_5_18_1630315937.data
Size: 10KB
MD5: c9e67eedf9a785e6c0031e617e2f20c8
SHA1: b3d110df9f595e1b0f1eaf0db18af481dbe006d2
SHA256: 09c164fd19bb3aa6c18033407628d1cd63ac5f51f91928a46b178773809a8220
SHA512: a8897fa86774c9c2368458abb7158ccaeaf42e3b4d5f93b42ba6d3ba6811d2386fb061dffdb1d963ad5cf3ab7e0b92eddd653c3a1209e02b2638136f00f54065
SSDEEP: 192:dnhGTgakkLJuclPCPGjomsFBotZE0F0zcr4NWfz6OZLD+9fIbMxu9tpkt59qe:dgUakkdTcBo7E0qcr4NWfzzxaGbMwstH
Score: 3/10
Target: style_6_18_1624866734.data
Size: 17KB
MD5: eb196931a1167bdce0f9411684583a8a
SHA1: c19a82b9af2c199717206c0855865585cdded8ed
SHA256: 54ea1930964f62208a0b212af7d3bb319cbebb92d252355873ec7ebddfbe9f9b
SHA512: 2dea61baa641fdbd23c9f9d3ef86a9db2468e25207c54a16cb1ab78781edd7ea950b33d0149ffac184b58082c79a0bad0569f3a292b10028068dfe662fd67027
SSDEEP: 384:PFQ9U8Wr7kOv8wfCPjTR2cSjt3cvWcMP+mo+EiWtyx3bxqv:9CUB7kOvx6/ANWgExMxdqv
Score: 3/10